
Re: PF telnet redirect not working



On Thu, Mar 14, 2002 at 04:26:30PM -0600, Joel Gudknecht wrote:

> rdr on xl1 proto tcp from any to any port 23 -> 192.168.100.4 port 23
> 
> xl0 = 192.168.100.20
> xl1 = 206.8.19.228
> 
> What I want to do is be able to telnet to 206.8.19.228 and have openbsd transparently redirect me to 192.168.100.4 as shown in the nat.conf. It appears like it's getting to the 192.168.100.4 because a pfctl -ss reports this, TCP  192.168.100.4:23 <- 206.8.19.228:23 <- 206.8.19.8:1360       CLOSED:SYN_SENT.

That means the initial SYN packet came in on xl1, got its destination
address translated to 192.168.100.4, passed the (pass all) filter rules
and created state. I'd say it's also safe to assume that it was then
sent out on xl0 (use tcpdump on xl0 to verify).

But there was no SYN+ACK from 192.168.100.4. Either .4 never got the
SYN, or it dropped it silently. Or it sent the SYN+ACK, but it never
made it to the firewall. Run tcpdump on .4 to verify.

One possible explanation is that .4 is not using the firewall as default
gateway. Or it's silently dropping SYNs from external hosts. Or
something in between .4 and the firewall is filtering.

The general setup is correct, I think you'll find that the firewall is
correctly translating and forwarding the packets, but something else is
going wrong.

Daniel
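The diagnosis above rests on reading one `pfctl -ss` line: three addresses joined by `<-` show that the rdr rule fired, and the `CLOSED:SYN_SENT` pair shows that the client's SYN created state but no SYN+ACK ever came back from the internal host. The following is an added example, not part of the thread or of PF itself: a small Python parser for the state-table format quoted in the thread that picks out exactly those half-open redirected states, so that an operator can spot "redirect applied, internal host not answering" without reading the table by eye. It assumes the older `PROTO  dst <- [original_dst <-] src   STATE:STATE` layout shown in the thread; the sample lines other than the one quoted above are constructed here.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample of `pfctl -ss` output in the layout quoted in the thread.
# The first line is the one from the thread; the remaining lines are made up
# here to show a healthy redirected state, an untranslated state and a UDP state.
SAMPLE_STATES = """\
TCP  192.168.100.4:23 <- 206.8.19.228:23 <- 206.8.19.8:1360       CLOSED:SYN_SENT
TCP  192.168.100.4:23 <- 206.8.19.228:23 <- 206.8.19.9:2200       ESTABLISHED:ESTABLISHED
TCP  192.168.100.20:22 <- 206.8.19.200:4000       ESTABLISHED:ESTABLISHED
UDP  192.168.100.4:53 <- 206.8.19.228:53 <- 206.8.19.8:40001       NO_TRAFFIC:SINGLE
"""

# proto, then the address chain, then (after a run of spaces) the STATE:STATE pair.
STATE_LINE = re.compile(r"^(?P<proto>\S+)\s+(?P<hosts>.+?)\s{2,}(?P<states>\S+:\S+)\s*$")


@dataclass
class PfState:
    proto: str
    endpoints: List[str]        # addresses left to right as printed
    states: Tuple[str, str]     # (left-hand side, right-hand side) TCP/UDP state

    @property
    def redirected(self) -> bool:
        # Three addresses means rdr rewrote the destination:
        # internal_dst <- original_dst <- client
        return len(self.endpoints) == 3

    @property
    def internal(self) -> str:
        return self.endpoints[0]

    @property
    def client(self) -> str:
        return self.endpoints[-1]

    @property
    def half_open(self) -> bool:
        # One side sent a SYN, the other never answered: state exists on the
        # firewall, but no SYN+ACK has come back from the redirected-to host.
        return "SYN_SENT" in self.states and "CLOSED" in self.states


def parse_states(text: str) -> List[PfState]:
    """Parse `pfctl -ss` output (old-style layout) into PfState records."""
    result = []
    for line in text.splitlines():
        m = STATE_LINE.match(line)
        if not m:
            continue  # skip blank lines or anything not in the expected shape
        endpoints = [h.strip() for h in m.group("hosts").split("<-")]
        left, right = m.group("states").split(":", 1)
        result.append(PfState(m.group("proto").upper(), endpoints, (left, right)))
    return result


def find_half_open_redirects(states: List[PfState]) -> List[PfState]:
    """Redirected TCP states where the client's SYN was never answered."""
    return [s for s in states if s.proto == "TCP" and s.redirected and s.half_open]


if __name__ == "__main__":
    for s in find_half_open_redirects(parse_states(SAMPLE_STATES)):
        print(f"rdr applied for {s.client} -> {s.internal}, but no SYN+ACK back "
              f"({':'.join(s.states)}): check the internal host's gateway and filters")
```

Run against the live table with `pfctl -ss | python3 pfstate.py` once `SAMPLE_STATES` is replaced by `sys.stdin.read()`; any line it prints is a case where, as Daniel says, the firewall has done its part and the problem is on the far side of the redirect.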